LISTSERV - VICUG-L Archives - LISTSERV.ICORS.ORG

VICUG-L Archives

Visually Impaired Computer Users' Group List

VICUG-L@LISTSERV.ICORS.ORG

	LISTSERV Archives
	VICUG-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Free Microsoft Program To Battle Spyware Has Some Serious Flaws
From:	Kelly Pierce <[log in to unmask]>
Reply To:	Kelly Pierce <[log in to unmask]>
Date:	Sun, 16 Jan 2005 17:26:32 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (130 lines)

Walter S. mossberg of the Wall Street Journal has been one of the strongest
critics of Microsoft, applying the highest scrutiny possible and not afraid
to dispense frank opinions and advice.  last week he evaluated Microsoft's
new spyware program recently discussed on the list.  According to Walt, it
seems that Microsoft is more concerned about marketing itself than securing
their operating system.

Kelly






The Wall Street Journal
January 13, 2005; Page B1



    Free Microsoft Program To Battle Spyware Has Some Serious Flaws

Walter S. Mossberg


    Microsoft, whose Windows operating system has been plagued by viruses,
spyware and other security problems in recent years, last week began
rolling out some free software to help users cope with those threats.

    The software giant introduced a "beta," or preliminary, version of a
free product designed to block, detect and remove spyware. A free
antivirus program is planned for later release.

    Unfortunately, the company's first free security program has some
serious flaws and lapses. I've been testing Microsoft's antispyware
software, called simply Microsoft AntiSpyware, and I can't recommend it,
in its present form, over the leading third-party antispyware program I
have favored, Webroot's Spy Sweeper.

    To be sure, the new antispyware program is not a finished product. It
was acquired just last month when Microsoft bought a small software
company, and Microsoft engineers had only a few weeks to tweak it before
releasing the beta. Company officials insist they intend to fix the
program's problems based on feedback from beta users, and I take them at
their word. But some of the flaws in this first release are especially
disturbing because they make it appear that the company may be subtly
using its security software to promote its other products, at the expense
of competitors.

    Before getting into the details, let me say a word about Microsoft's
role in protecting consumers against malicious software and other
invasions of their computers. Some critics argue that Microsoft should
stay out of the security-software business so as not to use its Windows
monopoly to unfairly compete with third-party security vendors. But I have
never believed it was inherently wrong for Microsoft to add core functions
to Windows, even if they competed with add-ons sold by other companies.
And I regard security as a core function. To me, the need to protect
Windows users, especially consumers and small businesses without IT
staffs, trumps any antitrust considerations.

    Microsoft AntiSpyware, which can be downloaded at
www.microsoft.com/spyware, has a clean, clear user interface. Like Spy
Sweeper, it runs in the background on your computer, blocking various
spyware invasions. It can also automatically scan your PC on a schedule to
detect and root out spyware.

    I found the program easy to use, though downloading it was a bit of a
hassle because Microsoft tries to get you to verify that your copy of
Windows isn't pirated, which can force you to dig up your Windows serial
number. You can avoid this step and still download the program, but you
have to pay careful attention to the download options.

    The software offers two kinds of scans: a quick, five-minute version,
and a longer version that took about half an hour on my test machine. But
the scans missed some spyware found by Spy Sweeper. In particular,
Microsoft missed "tracking cookies," small files deposited by Web
companies, often without your knowledge or permission, that track your
online activities. The Microsoft program deliberately doesn't look for
these. Microsoft officials say they are concerned that some legitimate
cookies, such as those that store Web-site login information, could be
unfairly labeled as spyware. They promise to add tracking-cookie detection
in the future.

    Even worse is the way the program handles another spyware problem, the
hijacking of Web-browser home pages and search pages. This is a spyware
technique in which the home and search pages in a Web browser are replaced
by pages selected by a spyware company, and it's nearly impossible for a
user to restore his or her own selections.

    The usual way of handling this, with programs like Spy Sweeper, is to
detect the page changes and to restore the user's original choices. But
the Microsoft program tries to replace the spyware pages with home and
search pages from MSN, Microsoft's own online service. This smacks of the
same kind of coercion the spyware authors are using.

    Microsoft insists it isn't trying to drive people to MSN. It says it
can't tell if a user's own choice of a home or search page was "secure,"
so it defaults to setting the home and search pages to a site it knows is
secure, its own MSN site. But the user's choice should rule here, not
Microsoft's.

    Not only that, but Microsoft AntiSpyware does nothing at all to
protect users of the rival Firefox Web browser from home- and search-page
hijacking. It detects and corrects such hijacking only in its own Internet
Explorer Web browser. The company says it is trying to focus on things
that affect "the largest number of customers," and it notes that the vast
majority of users rely on IE. But this, too, smacks of favoritism toward
Microsoft products.

    Microsoft notes that the home-page restoration feature eventually
learns your preferences and stops trying to insert the MSN pages. And it
says it is considering changing the program's behavior in future releases
to handle hijackings differently, and possibly to include Firefox.

    It's good that Microsoft is finally offering users tools to protect
their Windows computers. But it's going to have to do much better, and
it's going to have to avoid the perception that it's using security as a
tool to promote or favor its own products.

    Write to Walter S. Mossberg at
[log in to unmask]


VICUG-L is the Visually Impaired Computer User Group List.
To join or leave the list, send a message to
[log in to unmask]  In the body of the message, simply type
"subscribe vicug-l" or "unsubscribe vicug-l" without the quotations.
 VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG